Skip to content

Add oauth_body_hash #110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Add oauth_body_hash #110

wants to merge 2 commits into from

Conversation

webjunkie
Copy link

@joestump
Copy link
Owner

@webjunkie thanks for the PR! @jaitaiwan can you take a look?

joestump
joestump reviewed Jul 29, 2015
View reviewed changes
oauth2/__init__.py
@@ -695,8 +707,9 @@ class Server(object):
version = OAUTH_VERSION
signature_methods = None

def __init__(self, signature_methods=None):
def __init__(self, signature_methods=None, body_hashing=False):
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make this check_body_hashing? Or verify_body_hash?

@jaitaiwan
Copy link
Contributor

Is this the same issue as #138? If so, the body should always be hashed even if empty according to spec...

@joestump
Copy link
Owner

joestump commented Aug 2, 2015

@jaitaiwan that's true, but I don't think body hashing itself is part of the OAuth specification. In other words, if you implement it you need to do this, but the providers don't have to implement body hashing. At least that's how I've understood this PR.

@webjunkie webjunkie closed this Sep 20, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@webjunkie @joestump @jaitaiwan